10 Dramatic Moments In Black Hat History
From Google hacking to ATM "jackpotting" to the NSA -- Black Hat has had some memorable moments over the years.
July 31, 2014
![](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/blt6f01a05c8bc66192/64f0dd0d6d7cd0e172466483/alexander.jpg?width=700&auto=webp&quality=80&disable=upscale)
In the wake of the Snowden scandal, then-NSA director General Keith Alexander, in the keynote address to Black Hat USA attendees, provided rare details about controversial NSA programs that had been exposed in the Snowden leaks. Alexander faced a mostly respectful audience, but was heckled by a couple of protesters who voiced their mistrust of the NSA. A carton of eggs was also confiscated prior to the commencement of the keynote.
Before this year's upcoming talk on hacking hotel room automation systems, there was Brocious's bodacious demo of a hack that showed how a couple of vulnerabilities in one of the most prevalent digital hotel key systems on the market would make it trivial to break into guest rooms. He showed off a tool he made for the purpose using just $50 worth of freely available parts.
A diabetic himself, Radcliffe showed how powerful white hat hacker curiosity can be when he started testing the insulin pumps he used to keep his blood sugar in check and found remotely exploitable vulnerabilities that could be easily used to kill someone if they were manipulated by the wrong hands. His Black Hat talk shook up the medical device community and offered a kick-start to other researchers' exploration into the flaws in human medical devices.
In what was possibly one of the most memorable presentations by the late Barnaby Jack, he wowed the packed audience with a demonstration of how a real-live ATM machine could be hacked to spew money out of its gaping maw on the attacker's command.
The old hands in security had been warning anyone who'd listen about how flawed the nation's critical infrastructure systems really were, but Davis's presentation refocused the industry's attention on smart meters and other power systems when he showed off a proof-of-concept of how a worm could potentially wreak havoc on a whole neighborhood of smart meters.
A lot of the drama around Kaminsky's huge DNS flaw discovery happened in the months prior to the show, but Black Hat was his first opportunity to publicly explain how the fundamental cache poisoning flaw worked and also the mechanics of a massive multi-vendor effort to simultaneously release patches for the flaw just weeks before Black Hat that year.
Lynn's controversy upstaged a lot of good research that year, but we shouldn't forget the contribution that Barrall and Dewey made to security practices by uncovering how easily maliciously manipulated USB controllers could be used to completely root systems.
In perhaps one of Black Hat's most dramatic controversies, Michael Lynn put his job and reputation on the line when he presented details on a flaw in the Internetwork Operating System (IOS) of Cisco routers. Cisco had put heat on his employer, Internet Security Systems, to cancel the talk, and Lynn felt compelled to quit his job in order to ensure his research saw the light of day.
What started as a goof ended up yielding serious results as Long first explained how to harness the power of Google to mine the Internet for vulnerable sites. For several years after, Long reiterated his Google hacking techniques with further talks that showed penetration testers how useful they could be in launching malicious attacks against vulnerable sites.
Before Litchfield built his career on making Larry Ellison regret his "unbreakable" Oracle comments, he first made waves with his detailed unveiling of a then-patched buffer overflow vulnerability for SQL Server, along with a now-famous proof-of-concept against it. The code eventually became the template for the disastrous SQL Slammer worm that hit the industry hard in 2003.
If there is one thing there's no lack of in Las Vegas at the Black Hat conference, it's drama. Mix in big bug discoveries, shocking proofs-of-concept, and big egos with the high stakes of corporate and personal reputations at risk, and you've got a recipe for raucousness. And given the quirky, hilarious, anti-establishment nature of many within the security research community, it's no wonder that this show continues to deliver dramatic moments year in and year out.
[At Black Hat, researchers will point out the weaknesses in everything from the satellites in outer space to the thermostat in your home. Read 7 Black Hat Sessions Sure To Cause A Stir.]
This year's show is shaping up to be no different. But before we get there, let's take a quick look back at some of the big demos and research highlights of the past so we can see how influential this show's moments have been in shaping the industry.